Data wiping and HIPAA/HITCH
-
I have a small medical billing office that needs to have drives wiped as the PC's and servers are no longer needed by the company. As usual, they would like to do whatever is the cheapest today. Any ideas or input would be appreciated.
1.) I have one failed drive which I presume would have to be degaussed or shredded since it is not functioning.
2.) I have a few drives in PC's that can be wiped but customer asked about certification of service. I haven't see that yet, have you?
3.) How do you wipe servers when they are setup in a RAID?
Thanks!
-
@technobabble said:
3.) How do you wipe servers when they are setup in a RAID?
Same as any other, one drive at a time. You need direct access to a drive to wipe it, it cannot be abstracted first
-
@technobabble said:
I have a small medical billing office that needs to have drives wiped as the PC's and servers are no longer needed by the company. As usual, they would like to do whatever is the cheapest today. Any ideas or input would be appreciated.
1.) I have one failed drive which I presume would have to be degaussed or shredded since it is not functioning.
2.) I have a few drives in PC's that can be wiped but customer asked about certification of service. I haven't see that yet, have you?
3.) How do you wipe servers when they are setup in a RAID?
Thanks!
cheapest would be drill press.
-
I would just have all the drives shredded.
Here in the Midwest there is paper shredding company that a lot of my clients use that will also shred drives. I would assume they can certify it.
-
Some hardware RAID cards have drive wiping built into the firmware. But not many.
-
All the old computers being scrapped at my last office, the drives were pulled. There were some failed drives,... so a physical disk wipe wasn't reliable.
I pulled them, and said once it was practical, they should be physically shredded.
Personally I would like to mix up some thermite, but I don't know the legality of it, and haven't looked in to it.
-
We always did DOD wipes on everything then sometimes physically destroyed.
-
Always break raids before wipeing.
-
So the consensus is to shred drives. She was hoping to sell the severs with the drives in them.
-
I found a company that will do 100% destruction (shredding) and provide a Certificate of Destruction. Waiting for a call back to find out the cost of this service.
-
@technobabble said:
So the consensus is to shred drives. She was hoping to sell the severs with the drives in them.
Servers I always would have physically destroyed. Desktops depending on use could just get a DOD wipe.
-
Um...DBAN anyone?
-
I don't know what the cost is, but Obliterase provides a service like this with a certification.
-
We hand the drives to the kids in the metals workshop to drill through.
They think it's fun, we need the drives gone. It's a win-win situation.
-
@Kelly said:
I don't know what the cost is, but Obliterase provides a service like this with a certification.
I was thinking of them too. They were giving away a Kegerator (however you spell it, as I'm sure @dengelhardt could correct me) at Spiceworld last year. LOL
-
-
@Kelly said:
I don't know what the cost is, but Obliterase provides a service like this with a certification.
They do. Nice people. Spent some time talking to them last year at SpiceWorld.
-
@Obliterase summoning.....
-
Full disclosure: they're paying for me to go to Spiceworld London due to me winning a drawing. I'm not getting anything else from them for mentioning their name here
-
DBAN all the drives. (break raid array, dban one at a time.) If it was for my personal stuff or something not going to get you in trouble I'd suggest breaking the raid, making OBR10, dd /urandom the whole thing. Much faster, much less secure.
Take drives with you to shooting range.
Turn scraps in at metal recycler.
